Vulnerabilities > Medtronic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-29 | CVE-2023-31222 | Deserialization of Untrusted Data vulnerability in Medtronic Paceart Optima 1.11 Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity. | 8.8 |
| 2023-03-01 | CVE-2023-25931 | Improper Authentication vulnerability in Medtronic Interstim X Clinician and Micro Clinician Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. | 6.8 |
| 2022-12-12 | CVE-2022-32537 | Unspecified vulnerability in Medtronic products A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. high complexity medtronic | 4.8 |
| 2020-12-14 | CVE-2020-27252 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. | 8.1 |
| 2020-12-14 | CVE-2020-25187 | Out-of-bounds Write vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. | 9.8 |
| 2020-12-14 | CVE-2020-25183 | Improper Authentication vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. | 8.8 |
| 2019-11-08 | CVE-2019-13543 | Use of Hard-coded Credentials vulnerability in Medtronic products Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. | 7.5 |
| 2019-11-08 | CVE-2019-13539 | Inadequate Encryption Strength vulnerability in Medtronic products Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. | 7.8 |
| 2019-11-08 | CVE-2019-13535 | Incorrect Permission Assignment for Critical Resource vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 4.6 |
| 2019-11-08 | CVE-2019-13531 | Unspecified vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. low complexity medtronic | 4.6 |